
Question (encryption)

WaterRatj
Voice
Posts: 1
Joined: Wed Mar 30, 2011 6:04 am

Post by WaterRatj »

Is there any way to encrypt a tcl script so when you give out your script to someone they can't edit it or see the source code and they can only run it?
nml375
Revered One
Posts: 2860
Joined: Fri Aug 04, 2006 2:09 pm

Post by nml375 »

Encrypt it: No. The tcl-interpreter would still have to be able to decode your source in order to run the compiler. And once the script is loaded, it'd be as simple as .tcl info args / .tcl info body to get the original source anyway...

ActiveTcl does however provide a byte-code compiler for tcl, making it more difficult to retrieve the original code. Even so, a creative user could still trace any and all command calls. Once the code has been traced enough, it'd be a mere matter of 'puzzle-solving'.

Be advised though, within the eggdrop community, obfuscating the code is generally thought of as you might be hiding malware in the script (there are a few infamous examples of this to date).
NML_375
willyw
Revered One
Posts: 1209
Joined: Thu Jan 15, 2009 12:55 am

Post by willyw »

This thread reminded me of something that I wondered about some time ago, (and I hope the answer contributes to the original poster's quest):
nml375 wrote: Encrypt it: No. ...

What's all that stuff in alice.tcl?

To the untrained eye, it looks like some sort of method of encrypting.....

http://www.egghelp.org/tclhtml/3478-4-0-0-1-alice.htm


Thanks
nml375
Revered One
Posts: 2860
Joined: Fri Aug 04, 2006 2:09 pm

Post by nml375 »

@willyw:
That is simply obfuscation. Everything needed to restore the script into the original source is provided; add a line to open a file (set fd [open myfile.tcl "WRONLY CREAT TRUNC"]), and then replace the outer eval with "puts $fd ", and finally a "close $fd" at the end of the script, and you'll find the whole source in myfile.tcl after loading the script..

Or, as I mentioned in my earlier post, you could simply use the "info args" and "info body" commands to rebuild any and all procs (use "info procs" for a list of all procs) once the script is loaded...
NML_375
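
An added example, not part of nml375's post: the "info procs" / "info args" / "info body" recovery described above, run against a small constructed stand-in for an obfuscated script. The names rebuild_proc, all_procs and greet are hypothetical, and "info default" is used in addition so that default argument values are restored too.

```tcl
# Rebuild one proc as a "proc name args body" command via introspection.
proc rebuild_proc {name} {
    set arglist {}
    foreach a [info args $name] {
        if {[info default $name $a def]} {
            lappend arglist [list $a $def]   ;# argument with a default value
        } else {
            lappend arglist $a
        }
    }
    return [list proc $name $arglist [info body $name]]
}

# Fully qualified names of every proc in a namespace and its children.
proc all_procs {{ns ::}} {
    set names {}
    foreach p [namespace eval $ns {info procs}] {
        lappend names [string trimright $ns :]::$p
    }
    foreach child [namespace children $ns] {
        set names [concat $names [all_procs $child]]
    }
    return $names
}

# Snapshot the procs that exist before the script under review is loaded.
set before [all_procs]

# Constructed stand-in for an obfuscated script: the source is hex-encoded
# and only decoded inside eval, the way an obfuscating loader would do it.
binary scan {proc greet {nick {msg hello}} {return "$msg, $nick"}} H* blob
eval [binary format H* $blob]

# Print the reconstructed source of every proc the load added.
foreach p [lsort [all_procs]] {
    if {[lsearch -exact $before $p] < 0} {
        puts [rebuild_proc $p]
    }
}
```

This recovers procs only; commands the script runs at top level while loading are executed, not stored, so they do not show up here. For the same reason, load a script you are auditing in a throwaway tclsh or test bot rather than a live one.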
speechles
Revered One
Posts: 1398
Joined: Sat Aug 26, 2006 10:19 pm
Location: emerald triangle, california (coastal redwoods)

Re: Question (encryption)

Post by speechles »

WaterRatj wrote: Is there any way to encrypt a tcl script so when you give out your script to someone they can't edit it or see the source code and they can only run it?

As nml375 originally said, sure there are. But with it come ethical and real-world outcomes. Eggdrop is mostly hobbyists. There isn't much potential in generating a pay model from supporting eggdrop users with scripts (This is the only reason I can think of where one would obfuscate code). That's the real-world outcome, you won't make any money. You instead, need to support the hobbyist. To these hobbyists, seeing how others create their "wheel" vs another scripter's "wheel" helps them see the inner workings of what truly makes one script different than another. Being it string vs list flaws, Injection exploits, etc.. That means, you didn't directly put within your code any intentional trojans or intentional code to takeover someone's bot. But what you did do, is write your script so poorly it allows malicious users to takeover the bot using specially crafted queries. This is just as bad as purposely writing in these exploits. As obfuscated, these issues cannot be corrected as easily. And rather than de-obfuscate to fix the issue, taking all that time just so you can see the code and begin to find/correct the issue. It's easier to just use any other script that does similar.

So after reading the above, you still feel like alienating 99.999% of eggdrop's audience from ever using your script, and feel happy with the .001% that do use it. That being mostly 1, just you. Or... perhaps 2, you and a friend of yours using that script. Even if you distribute it well. It will likely just be you and your friend ever using it. This is why there is really no point to obfuscate your code.. Just food for thought.